Although child identity theft has received increasing attention in recent years, most parents don’t discover it—let alone take action—until after experiencing a financial loss. Among families who reported a financial loss due to identity theft, roughly 96% did not have their children included in a family protection plan until after the breach had occurred.
For the past four years, Javelin Strategy & Research has focused on the issue of child identity theft and the risks that threaten children. In a PaymentsJournal podcast, Tracy Goldberg, Director of Cybersecurity at Javelin, and Eva Velasquez, CEO of the Identity Theft Resource Center, discussed the dangers children face on social media and the steps parents can take to protect them.
At Risk of Oversharing
The risks associated with social media are extremely concerning when it comes to child identity theft—and for fairly simple reasons. Nearly every child over the age of 10 has some form of social media presence. This might include school-based platforms, mainstream social media platforms like YouTube, Facebook, or Instagram, and even online gaming platforms like Fortnite or Minecraft.
Having grown up in a digital age where social media has always existed, children are naturally comfortable interacting with others online. They’re also more inclined to share personal information. This makes them particularly vulnerable, as they may engage with individuals they don’t know in real life.
Social media is, by nature, a network. Information spreads rapidly depending on who you’re connected with—and who they’re connected with. If you’re sharing personal details publicly, or interacting with strangers on gaming platforms, you’re exposing yourself to serious risks.
“When I was a child, we were taught to be leery of people you don’t know,” said Goldberg. “Children don’t feel that same kind of concern when it comes to interacting online. The dark web was a powerful place for cybercriminals to hide what they were doing and buy and sell and trade information. But cybercriminals don’t even need the dark web anymore. They can use social platforms to trade information, steal information, sell information, buy information, anything they want right out in the open.”
The Parents’ Role
Even though children have access to many devices and may seem even more tech-savvy than their parents, they don’t always have the critical reasoning skills needed to navigate them safely. Add to that the fact that they are battling criminal enterprises using sophisticated social engineering tactics, and it can be hard for adults to fully appreciate what they’re struggling with.
Parents also put their kids at risk by sharing too much on social media—tagging their kids in pictures or posting when they go on vacation. There’s a lot of education needed across all age groups.
Many parents still hold the notion that when kids are home, they’re safe. That used to be true, but it’s no longer the case. If children have access to a device, particularly one with internet connection, parents can’t assume they are safe. They need a heightened level of concern, just as they would if their kids were playing at a park.
“At Javelin we’ve advised our clients about steps they can take to help educate their customers about provisions that can be taken to help enhance their security,” said Goldberg. “We’ve also suggested that financial institutions or even wealth managers offer identity theft protection or ancillary services that could help make their customers’ accounts more secure. We see opportunities through employee benefits programs, because if your employees and their children are exposed to cyber risk, it ultimately exposes your company to risk.”
It’s a win-win situation for employers to provide security provisions that not only secure corporate-issued mobile device and laptops, but also extend to VPNs for the home network. Since the pandemic, more people have been working in a hybrid environment and are doing work on personal devices. More than likely, if that employee has children at home, they are using the same Wi-Fi connection—and potentially even the same personal devices their parents occasionally use to conduct business.
Protectors from Outside
Another direction the industry should pursue, according to Goldberg, is pushing social media companies to take on a greater role. It took time for the industry to recognize the need to secure e-mail transactions interactions, as phishing became increasingly prevalent. Socially engineered attacks—whether delivered through SMS text messages or direct messages on social media—follow the same pattern.
“What can we do within the realm of DNS blocking or spam filtering that would help prevent these types of interactions from reaching the children to begin with?” Velasquez said. “That’s the direction that we need to move in as an industry. There’s a role for ISPs, mobile carriers, and—importantly—social media platforms to play.”
Social media companies could respond to account takeovers more quickly and thoroughly. Once an account is taken over, it’s no longer under the control of the true account holder.
“Even if their parents are monitoring and doing all the things that they have to do in today’s climate, that scammer is going to bypass all of that because the kids think they’re talking to a trusted adult,” said Velasquez. “They think it’s their auntie or their teacher. Because these accounts are allowed to stay online and active under the control of the scammer for long periods of time, they’re doing a lot of damage.”
The Emotional Toll
Until the industry takes more steps to combat child identity theft, parents will have to remain on the front lines. They should consider not only the financial damage but also the emotional damage and reputational damage that can come from these types of attacks, particularly on social media. The image that teens project to their circle is very important to them.
“Kids who are dealing with this issue sometimes resort to self-harm and even suicide,” said Velasquez. “Please realize how important this is. It’s not just a minor inconvenience or one of those life things you can have to deal with. It can be life altering.”
Communication is key. An important step for parents is learning to recognize the behaviors their child might exhibit if they were being cyberbullied or manipulated in some way. It’s also essential to keep the lines of communication open with the child’s educators.
“If parents were more in tune with the warning signs, we could address a lot of these things before the consequences become so dire,” Goldberg said.
